28 Nov 2018
A sequence of numbers and letters that serves to ensure a downloaded file doesn’t have errors.
If you know the checksum of an original file, you can use a checksum utility to confirm your copy is identical.
To produce a checksum you run a program that puts the file through an algorithm (MD5, SHA-1, SHA-256, SHA-512 etc.), and a cryptographic hash function will produce a string of a fixed length.
This works cause small changes in the file will produce very different looking checksums.
Because of collisions, you shouldn’t rely on MD5 or SHA-1 to check that a file is authentic, just to check corruption.
There haven’t been any repots of an SHA-256 collision yet.